Version 2026.05.15 · Effective 15 May 2026
Security & Audit Notice
Security controls, activity logging, session handling, and monitoring notices.
Auditable Activity
DR.CORD is designed so clinically and operationally meaningful actions can be attributed to a user, clinic, role, branch, and workflow context where available.
Auditable activity may include patient registration, queue activity, consultation updates, prescription actions, lab reports, billing events, pharmacy dispense, inventory movements, document uploads, consent acceptance, sync recovery, and administrative changes.
Operational Monitoring
The platform may monitor runtime health, background jobs, sync queues, device mode, storage pressure, hydration state, lock state, subscription recovery, upload queues, and notification delivery state.
Monitoring supports reliability, incident response, support, and patient-safety-oriented operations.
Security Protections
DR.CORD uses authentication, clinic scoping, role and capability checks, tenant-aware data paths, local schema validation, idempotency keys, transaction journals, operational locks, and event replay safeguards.
No software can eliminate all security risk. Clinics must maintain device security, staff training, access review, password hygiene, and incident escalation processes.
Session Handling
Sessions may persist locally to protect workflow continuity. On shared or public devices, users must log out and lock the workstation after use.
Suspended users, revoked licenses, inactive clinics, and permission changes may terminate or restrict access.
Terms
Rules for using DR.CORD as a clinical operations platform.
Privacy
How DR.CORD handles patient, staff, clinic, authentication, attachment, audit, and sync data.
Storage Policy
Browser storage, IndexedDB, service worker, offline cache, and notification permission behavior.
Offline/PWA
How installable app mode, offline cache, delayed sync, and recovery work.